Network News

X My Profile
View More Activity
Posted at 4:08 PM ET, 03/10/2011

Android malware infects security app

By Hayley Tsukayama

Is Google fighting a losing battle against malware? Reports are out that a version of Google's very own Android Market Security Tool has some fishy code in it as well. Security company Symantec, which identified the code, found this version of the app on a third-party Chinese marketplace. The infected version has thus far only shown up on marketplaces in China.

Symantec said that the code is actually hosted on Google code and licensed under an Apache license. The infected code seems to be able to send SMS messages if instructed. Symantec has identified the trojan version of the code as Android.Bgserv.
Sophos, another Internet security firm, has published some key differences between the apps. Google's official app will only ask you for three permissions, while the infected version will ask permissions for "Services that cost you money." Plus, the Google tool is version 2.5, whereas the fake version lists itself as a version 1.5 app.

Google pushed out the original app to all users who downloaded apps affected by the Droid Dream virus. The company pulled about 50 apps from its marketplace and used a kill switch to remove the apps from afflicted handsets.

Related Stories:

Google activates 'kill switch' to remove Android malware

Google pulls malware apps from Android Market

Minimizing cellphone security risks

By Hayley Tsukayama  | March 10, 2011; 4:08 PM ET
Categories:  Android, Google  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Motorola's Xoom tablet is no iPad -- much less an iPad 2
Next: Kinect breaks sales record

No comments have been posted to this entry.

Post a Comment

We encourage users to analyze, comment on and even challenge's articles, blogs, reviews and multimedia features.

User reviews and comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions.

characters remaining

RSS Feed
Subscribe to The Post

© 2011 The Washington Post Company